Field of the Invention
The present invention generally relates to network security. The present invention more specifically relates to the intelligent and real-time response to malicious content threats in a global network.
Description of the Related Art
Initial efforts in defending against the annoyance and threat of unwanted electronic mail (i.e., spam) came in the form of designating mail as ‘junk.’ An e-mail recipient could designate unwanted e-mail in their inbox as junk. Once designated as junk, the e-mail was removed from the recipient's inbox and moved to a ‘junk’ folder. The sender of the designated e-mail was then added to a ‘blocked’ or ‘black’ list whereby subsequent messages from that sender were likewise diverted to the ‘junk’ folder. Erroneously designated messages could be ‘un-junked,’ and the process would be undone.
Over time, however, senders of spam learned to use random or spoofed sender addresses. By constantly changing sender identity, a spammer could render a prior ‘junk’ designation of a particular address ineffective. In response to this development, the analysis of electronic mail designated as ‘junk’ (or later ‘un-junked’) went beyond mere sender identification. Electronic mail messages were disassembled into more fundamental components such as the identity of the sender, specific aspects of the content of the message, the presence of hyperlinks, and other distinguishing characteristics.
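The following is an added illustration of the two approaches just described, written for this page rather than taken from the patent: a sender-only blocklist, and the later decomposition of a message into sender, subject and hyperlink features. The two messages, their addresses and hosts are constructed for the demonstration; the second message is the same campaign resent from a fresh, spoofed address.

```python
"""Sender-only blocklisting versus feature-based 'junk' designation.
Added example for this page, not the patent's implementation."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

# Constructed sample messages (hypothetical addresses and hosts).
MSG_A = """From: "Deals" <promo123@spam-example.test>
To: user@example.test
Subject: You have won

Claim your prize now: http://win.spam-example.test/claim?id=7
"""

# Same campaign, spoofed sender: defeats a sender-only blocklist.
MSG_B = """From: "Deals" <x9f8a2@throwaway-example.test>
To: user@example.test
Subject: You have won

Claim your prize now: http://win.spam-example.test/claim?id=8
"""


def _body_text(msg):
    """Concatenate the decoded text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def extract_features(raw):
    """Disassemble a raw RFC 822 message into sender, sender domain,
    subject, and the hosts of any embedded hyperlinks."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    url_hosts = set()
    for url in URL_RE.findall(_body_text(msg)):
        host = urlparse(url).hostname
        if host:
            url_hosts.add(host.lower())
    return {
        "sender": sender,
        "sender_domain": sender.rpartition("@")[2],
        "subject": (msg.get("Subject") or "").strip(),
        "url_hosts": url_hosts,
    }


class JunkFilter:
    """Blocklist consulted either sender-only (the early approach) or
    against every extracted feature (the later approach)."""

    def __init__(self):
        self.blocked_senders = set()
        self.blocked_url_hosts = set()
        self.blocked_subjects = set()

    def mark_junk(self, raw):
        f = extract_features(raw)
        self.blocked_senders.add(f["sender"])
        self.blocked_url_hosts |= f["url_hosts"]
        self.blocked_subjects.add(f["subject"])

    def unjunk(self, raw):
        """Undo an erroneous designation by withdrawing that message's features."""
        f = extract_features(raw)
        self.blocked_senders.discard(f["sender"])
        self.blocked_url_hosts -= f["url_hosts"]
        self.blocked_subjects.discard(f["subject"])

    def matched_features(self, raw, sender_only=False):
        """Names of the features of `raw` that hit the blocklist."""
        f = extract_features(raw)
        hits = ["sender"] if f["sender"] in self.blocked_senders else []
        if sender_only:
            return hits
        if f["url_hosts"] & self.blocked_url_hosts:
            hits.append("url_host")
        if f["subject"] and f["subject"] in self.blocked_subjects:
            hits.append("subject")
        return hits

    def is_junk(self, raw, sender_only=False):
        return bool(self.matched_features(raw, sender_only))


def demo():
    """Junk MSG_A, then classify the spoofed resend MSG_B both ways."""
    jf = JunkFilter()
    jf.mark_junk(MSG_A)
    return jf.is_junk(MSG_B, sender_only=True), jf.matched_features(MSG_B)


if __name__ == "__main__":
    print(demo())
```

The sender-only check misses the resend entirely, while the link host (and, more weakly, the subject) survive the address change. A subject string is a poor feature on its own, since legitimate mail reuses generic subjects; it is included here only to show that several independent components can be carried on the blocklist and withdrawn together when a message is un-junked.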
More and more users send and receive electronic mail—including spam. The increased number of users is indicative of a populace that has become increasingly reliant on network communications and resources. This increased reliance corresponds to a shift in the presence of sensitive information onto network infrastructures. As the amount and importance of sensitive information on networks has grown, so has the incentive and opportunity for ill-intentioned users to introduce spam and other malicious threats into a network, often at a global level. The growth in users, sensitive information, and potential threats, coupled with the need to isolate threats at time-zero (before they can infect or affect one or more networks), requires a system with increased speed and scalability that can operate on a global scale.